initial remove of mbedtls_ssl_conf_rng

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-29 11:41:15 +03:00 · 2025-03-06 11:35:00 +00:00
parent 48d1c149d1
commit 47111a1cb1
20 changed files with 0 additions and 47 deletions
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@ -142,7 +142,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
    // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes

    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);

    if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
        goto exit;
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@ -85,7 +85,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
 #endif
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);

    if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
        goto exit;
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@ -100,7 +100,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)


    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);

 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@ -113,7 +113,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
    }

    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);

 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@ -169,7 +169,6 @@ int main(int argc, char *argv[])
     * Production code should set a proper ca chain and use REQUIRED. */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
    mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);

--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@ -200,7 +200,6 @@ int main(void)
        goto exit;
    }

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
    mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);

--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@ -187,8 +187,6 @@ int main(void)
        goto exit;
    }

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
-
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
    mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
                         (const unsigned char *) psk_id, sizeof(psk_id) - 1);
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@ -150,7 +150,6 @@ int main(void)
     * but makes interop easier in this simplified example */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

    if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -1906,7 +1906,6 @@ usage:
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
    }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

    mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@ -160,7 +160,6 @@ int main(void)
        goto exit;
    }

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

    mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@ -571,7 +571,6 @@ usage:
     * but makes interop easier in this simplified example */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

    if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@ -401,7 +401,6 @@ int main(void)
        goto exit;
    }

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);

    /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@ -179,7 +179,6 @@ int main(void)
        goto exit;
    }

-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

 #if defined(MBEDTLS_SSL_CACHE_C)
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -2925,7 +2925,6 @@ usage:
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
    }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

 #if defined(MBEDTLS_SSL_CACHE_C)
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@ -383,7 +383,6 @@ usage:
            mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
        }

-        mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
        mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

        if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {